I noticed the forum is not using HTTPS to encrypt traffic to and from web browsers and phones and the likes.

In itself this is not a big deal, but it may open up some people to password sniffing, especially on publiv WiFi points and the like. (and of course nooooobody uses an important/same password on a forum or something like electronic banking.. right??? right... )

There's a free option these days to get at least a base certificate for the webserver software that can help out and encrypt the traffic flowing between clients and the forum software: